What annoys me most about this is how the admins have previously declared that there is no way any mods on their site can have a virus. Everytime I post that it's rubbish: no virus scanner is flawless and it has happened before, but still this claim gets made. Inevitably it has happened again but I bet they will "make improvements" and then continue to make this claim.Why doesn't WoWUI at least check the archive, unpack it, and reject (or at least, delay for a human moderator to approve later) any interface addons that are possibly risks? Something like, it requires moderator approval if any of the files has an extension other than toc, lua, xml, mp3, blp, tga, ttf or txt, or if any of the files' first two bytes are "MZ"?
Of course you're right, if it just filtered any file beyond a few specific types then you make this kind of attack impossible - add this a decent AV and you have a good security system.
They also claim that all addons are checked manually before being accepted but no UI site mod/admin has admited to accepting these ones so I suspect someone was being lazy and just checking them off without looking. A mod called "CurseClient" on Worldofwar should be a big clue that something isn't right!